1 /*
2 * Copyright (c) 2017 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #if OCTAGON
25 #ifndef OTCUTTLEFISH_CONTEXT
26 #define OTCUTTLEFISH_CONTEXT
27
28 #import <ApplePushService/ApplePushService.h>
29 #import <Foundation/Foundation.h>
30 #import <CloudKit/CloudKit.h>
31 #import <CloudKit/CloudKit_Private.h>
32
33 #import "keychain/ckks/OctagonAPSReceiver.h"
34 #import "keychain/ckks/CKKSAccountStateTracker.h"
35 #import "keychain/ckks/CKKSCondition.h"
36 #import "keychain/TrustedPeersHelper/TrustedPeersHelperProtocol.h"
37 #import "OTDeviceInformation.h"
38 #import "keychain/ot/OTConstants.h"
39 #import "keychain/ot/OTDefines.h"
40 #import "keychain/ot/OTClique.h"
41 #import "keychain/ot/OTFollowup.h"
42 #import "keychain/ot/OTSOSAdapter.h"
43 #import "keychain/ot/OTAuthKitAdapter.h"
44 #import "keychain/ot/OTDeviceInformationAdapter.h"
45 #import "keychain/ot/OTCuttlefishAccountStateHolder.h"
46 #import "keychain/ot/OctagonStateMachineHelpers.h"
47 #import "keychain/ot/OctagonStateMachine.h"
48 #import "keychain/ot/proto/generated_source/OTAccountMetadataClassC.h"
49 #import <KeychainCircle/PairingChannel.h>
50 #import "keychain/ot/OTJoiningConfiguration.h"
51 #import "keychain/ot/OTOperationDependencies.h"
52 #import "keychain/ot/CuttlefishXPCWrapper.h"
53 #import "keychain/escrowrequest/Framework/SecEscrowRequest.h"
54
55 #import <CoreCDP/CDPAccount.h>
56
57 #import "keychain/ckks/CKKSLockStateTracker.h"
58 #import "keychain/ckks/CKKSViewManager.h"
59 #import "keychain/ckks/CKKSKeychainView.h"
60
61 NS_ASSUME_NONNULL_BEGIN
62
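/// Octagon state for one (containerName, contextID) pair. Exposes the Cuttlefish XPC wrapper,
/// the account-metadata store and the Octagon state machine, and receives account, push,
/// peer-update and device-name events through the protocols listed below.
///
/// NOTE(review): nothing in this interface gates the rpc* entry points; access control is
/// presumably applied by the XPC/control layer that calls into the context — confirm there.
@interface OTCuttlefishContext : NSObject <OctagonCuttlefishUpdateReceiver,
                                           OTAuthKitAdapterNotifier,
                                           OctagonStateMachineEngine,
                                           CKKSCloudKitAccountStateListener,
                                           CKKSPeerUpdateListener,
                                           OTDeviceInformationNameUpdateListener>

/// Wrapper around the `cuttlefish` XPC proxy handed to the initializer.
@property (readonly) CuttlefishXPCWrapper* cuttlefishXPCWrapper;
/// Follow-up (CFU) handler; presumably what -postRepairCFU: and -postConfirmPasscodeCFU: drive.
@property (readonly) OTFollowup *followupHandler;

/// Identity of this context: the Cuttlefish container and the context inside it.
@property (readonly) NSString *containerName;
@property (readonly) NSString *contextID;
/// Alternate DSID of the account this context serves; see -accountAvailable:error:.
@property (readonly) NSString *altDSID;
/// `copy`, not `strong`: NSString has a mutable subclass, and a caller-owned NSMutableString
/// must not be able to change the pairing identity behind the context's back.
@property (nonatomic, copy) NSString *_Nullable pairingUUID;
@property (nonatomic, readonly) CKKSLockStateTracker *lockStateTracker;
/// Persisted account metadata (account / trust state); replaceable via -setAccountStateHolder:.
@property (nonatomic, readonly) OTCuttlefishAccountStateHolder* accountMetadataStore;
@property (readonly) OctagonStateMachine* stateMachine;
/// Rate limiters for reacting to APS pushes and to SOS consistency checks; nil when unused.
@property (nullable, nonatomic) CKKSNearFutureScheduler* apsRateLimiter;
@property (nullable, nonatomic) CKKSNearFutureScheduler* sosConsistencyRateLimiter;

/// The CKKS view manager, if any; dropped by -clearCKKSViewManager.
@property (readonly, nullable) CKKSViewManager* viewManager;

// Dependencies (for injection)
@property (readonly) id<OTDeviceInformationAdapter> deviceAdapter;
@property id<OTAuthKitAdapter> authKitAdapter;

/// Serial work queue for the context — assumed serial; confirm in the implementation.
@property dispatch_queue_t queue;

/// Designated way to build a context. Every collaborator is injected so tests can substitute fakes.
/// @param containerName Cuttlefish container this context lives in.
/// @param contextID Context identifier within the container.
/// @param cuttlefish Proxy creator for the Cuttlefish (TrustedPeersHelper) XPC connection.
/// @param sosAdapter Adapter to the SOS circle.
/// @param authKitAdapter Adapter to AuthKit account information.
/// @param viewManager CKKS view manager, or nil when CKKS is not in play.
/// @param lockStateTracker Keybag lock-state tracker.
/// @param accountStateTracker CloudKit account state tracker and Octagon status memoizer.
/// @param deviceInformationAdapter Source of device name / model information.
/// @param apsConnectionClass Class used to open the APS (push) connection.
/// @param escrowRequestClass Class used to issue escrow requests.
/// @param cdpd CDP follow-up controller.
- (instancetype)initWithContainerName:(NSString*)containerName
                            contextID:(NSString*)contextID
                           cuttlefish:(id<NSXPCProxyCreating>)cuttlefish
                           sosAdapter:(id<OTSOSAdapter>)sosAdapter
                       authKitAdapter:(id<OTAuthKitAdapter>)authKitAdapter
                      ckksViewManager:(CKKSViewManager* _Nullable)viewManager
                     lockStateTracker:(CKKSLockStateTracker*)lockStateTracker
                  accountStateTracker:(id<CKKSCloudKitAccountStateTrackingProvider, CKKSOctagonStatusMemoizer>)accountStateTracker
             deviceInformationAdapter:(id<OTDeviceInformationAdapter>)deviceInformationAdapter
                   apsConnectionClass:(Class<OctagonAPSConnection>)apsConnectionClass
                   escrowRequestClass:(Class<SecEscrowRequestable>)escrowRequestClass
                                 cdpd:(id<OctagonFollowUpControllerProtocol>)cdpd;

// Call one of these when the account state changes. OTCuttlefishContext is responsible for maintaining this state across daemon restarts.
// Each returns NO on failure; check the return value rather than *error.
- (BOOL)accountAvailable:(NSString*)altDSID error:(NSError**)error;
- (BOOL)accountNoLongerAvailable:(NSError**)error;
- (BOOL)idmsTrustLevelChanged:(NSError**)error;

// Call these to manipulate the "CDP-ness" of the account
// Note that there is no way to turn CDP back off again
- (OTCDPStatus)getCDPStatus:(NSError* __autoreleasing *)error;
- (BOOL)setCDPEnabled:(NSError* __autoreleasing *)error;

/// OTDeviceInformationNameUpdateListener hook: the device name changed.
- (void)deviceNameUpdated;

- (void)startOctagonStateMachine;
/// Re-drives a pairing attempt with the given joining configuration.
- (void)handlePairingRestart:(OTJoiningConfiguration*)config;

/// Prepares this device's identity as an applicant for the given epoch and hands back the
/// permanent/stable info blobs plus their signatures, which a sponsor uses to vouch for us.
- (void)rpcPrepareIdentityAsApplicantWithConfiguration:(OTJoiningConfiguration*)config
                                                 epoch:(uint64_t)epoch
                                                 reply:(void (^)(NSString * _Nullable peerID,
                                                                 NSData * _Nullable permanentInfo,
                                                                 NSData * _Nullable permanentInfoSig,
                                                                 NSData * _Nullable stableInfo,
                                                                 NSData * _Nullable stableInfoSig,
                                                                 NSError * _Nullable error))reply;
/// Joins the clique using a voucher (and its signature) produced by a sponsoring peer.
- (void)rpcJoin:(NSData*)vouchData
       vouchSig:(NSData*)vouchSig
          reply:(void (^)(NSError * _Nullable error))reply;

/// Resets the clique and establishes a fresh one; `resetReason` is recorded with the reset.
- (void)rpcResetAndEstablish:(CuttlefishResetReason)resetReason reply:(nonnull void (^)(NSError * _Nullable))reply;

/// Local-only reset of this context's state (no clique reset is implied by the name — confirm).
- (void)localReset:(nonnull void (^)(NSError * _Nullable))reply;

- (void)rpcEstablish:(nonnull NSString *)altDSID
               reply:(nonnull void (^)(NSError * _Nullable))reply;

- (void)rpcLeaveClique:(nonnull void (^)(NSError * _Nullable))reply;


/// Joins via an escrow bottle: `entropy` and `bottleSalt` unlock the bottle identified by `bottleID`.
- (void)joinWithBottle:(NSString*)bottleID
               entropy:(NSData *)entropy
            bottleSalt:(NSString *)bottleSalt
                 reply:(void (^)(NSError * _Nullable error))reply;

/// Joins via a recovery key.
- (void)joinWithRecoveryKey:(NSString*)recoveryKey
                      reply:(void (^)(NSError * _Nullable error))reply;

/// Distrusts the given peer IDs.
- (void)rpcRemoveFriendsInClique:(NSArray<NSString*>*)peerIDs
                           reply:(void (^)(NSError * _Nullable))reply;

/// Push-driven change notifications; the APS message may be nil (e.g. a synthetic poke).
- (void)notifyContainerChange:(APSIncomingMessage* _Nullable)notification;
- (void)notifyContainerChangeWithUserInfo:(NSDictionary*)userInfo;

/// Read-only queries. Each reply receives either a result or an error.
- (void)rpcStatus:(void (^)(NSDictionary* _Nullable result, NSError* _Nullable error))reply;
- (void)rpcFetchEgoPeerID:(void (^)(NSString* _Nullable peerID, NSError* _Nullable error))reply;
- (void)rpcTrustStatus:(OTOperationConfiguration *)configuration
                 reply:(void (^)(CliqueStatus status,
                                 NSString* _Nullable peerID,
                                 NSDictionary<NSString*, NSNumber*>* _Nullable peerCountByModelID,
                                 BOOL isExcluded,
                                 NSError * _Nullable))reply;
- (void)rpcFetchDeviceNamesByPeerID:(void (^)(NSDictionary<NSString*, NSString*>* _Nullable peers, NSError* _Nullable error))reply;
- (void)rpcFetchAllViableBottles:(void (^)(NSArray<NSString*>* _Nullable sortedBottleIDs, NSArray<NSString*>* _Nullable sortedPartialEscrowRecordIDs, NSError* _Nullable error))reply;
/// Returns the material needed to escrow this peer: entropy, the bottle ID and the signing public key.
/// The entropy is secret material; callers must not log it.
- (void)fetchEscrowContents:(void (^)(NSData* _Nullable entropy,
                                      NSString* _Nullable bottleID,
                                      NSData* _Nullable signingPublicKey,
                                      NSError* _Nullable error))reply;
- (void)rpcSetRecoveryKey:(NSString*)recoveryKey reply:(void (^)(NSError * _Nullable error))reply;

- (void)rpcRefetchCKKSPolicy:(void (^)(NSError * _Nullable error))reply;

- (void)requestTrustedDeviceListRefresh;

/// Builds the device-information record advertised to peers.
- (OTDeviceInformation*)prepareInformation;

// called when circle changed notification fires
- (void)moveToCheckTrustedState;

/// Bundle of collaborators handed to Octagon operations.
- (OTOperationDependencies*)operationDependencies;

- (void)attemptSOSUpgrade:(void (^)(NSError* _Nullable error))reply;

/// NOTE(review): the reply's error was unannotated inside this NS_ASSUME_NONNULL region, i.e.
/// nonnull — which a success path cannot satisfy. Marked nullable to match every other reply
/// block in this header; confirm the implementation passes nil on success.
- (void)waitForOctagonUpgrade:(void (^)(NSError* _Nullable error))reply NS_SWIFT_NAME(waitForOctagonUpgrade(reply:));

/// Blocks until the state machine reports ready or `timeOffset` elapses; returns whether it became ready.
- (BOOL)waitForReady:(int64_t)timeOffset;


// For testing.
- (OTAccountMetadataClassC_AccountState)currentMemoizedAccountState;
- (OTAccountMetadataClassC_TrustState)currentMemoizedTrustState;
- (NSDate* _Nullable)currentMemoizedLastHealthCheck;
- (void)checkTrustStatusAndPostRepairCFUIfNecessary:(void (^ _Nullable)(CliqueStatus status, BOOL posted, BOOL hasIdentity, NSError * _Nullable error))reply;
- (void)setAccountStateHolder:(OTCuttlefishAccountStateHolder*)accountMetadataStore;

- (void)clearCKKSViewManager;

/// Test hook: when non-nil, overrides the TrustedPeers policy version the context would otherwise use.
@property (nullable) TPPolicyVersion* policyOverride;

// Octagon Health Check Helpers
/// `skipRateLimitingCheck` forces the check to run even if one ran recently.
- (void)checkOctagonHealth:(BOOL)skipRateLimitingCheck reply:(void (^)(NSError * _Nullable error))reply;
- (BOOL)postRepairCFU:(NSError**)error;
/// Returns void, unlike -postRepairCFU:, so callers can only detect failure by inspecting *error.
- (void)postConfirmPasscodeCFU:(NSError**)error;

// For reporting
/// NS_SWIFT_NOTHROW: Swift sees the BOOL as a plain return rather than a throwing call.
- (BOOL)machineIDOnMemoizedList:(NSString*)machineID error:(NSError**)error NS_SWIFT_NOTHROW;
- (NSNumber* _Nullable)numberOfPeersInModelWithMachineID:(NSString*)machineID error:(NSError**)error;

@end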
210
211 NS_ASSUME_NONNULL_END
212 #endif // OTCUTTLEFISH_CONTEXT
213 #endif
214